Security Engineer

4 - 6 years

7 - 10 Lacs

Posted: 1 day ago | Platform: GlassDoor


Work Mode

On-site

Job Type

Part Time

Job Description

Job Information

    Date Opened: 15/10/2025
    Province: Uttar Pradesh
    Job Type: Full time
    Industry: IT Services
    Shift Timing: General day shift
    Work Experience: 4-6 years
    Weekly Off: 5 Day working with Saturday and Sunday off
    City: Noida
    Country: India
    Postal Code: 201303

Broad Function:

As a Security Engineer, your primary focus will be on securing code before it reaches production and ensuring that vulnerabilities are identified and addressed early in the development lifecycle. You will play a key role in code scanning and vulnerability assessment, ensuring that all code entering production is secure, compliant, and free from vulnerabilities.
Your responsibilities will include integrating security practices into the CI/CD pipeline to automate security checks and vulnerability remediation. By embedding security throughout the Secure Software Development Life Cycle (SSDLC), you will work closely with development, DevOps, and security teams to ensure a proactive approach to security, preventing vulnerabilities from making it to production.

Roles and Responsibilities:

Code Review & Vulnerability Assessment:

  • Conduct manual and automated code reviews to identify security vulnerabilities, focusing on OWASP Top 10, CWE Top 25, and business logic flaws.
  • Integrate security controls across all stages of the Secure SDLC, from development to deployment. Work with developers to ensure vulnerabilities are caught before code is pushed to production by integrating security checks into the CI/CD pipeline.
  • Conduct regular security reviews, threat modelling, and risk assessments for applications and infrastructure.
  • Ensure timely patching, vulnerability mitigation, and compliance with internal security policies.
  • Work closely with development teams to promote secure coding practices and perform Security Code Reviews (SCR).
  • Contribute to continuous improvement of DevSecOps pipelines, documentation, and security automation.
  • Track vulnerabilities identified through security tools and ensure that they are promptly prioritized and remediated.

Security Tool Integration:

  • Configure, automate, and maintain scanning tools like CNAPP Orca, Prisma Cloud, etc., or any other applicable on-premise scanning tools.
  • Automate and maintain security scanning pipelines using tools like SonarQube, OWASP ZAP, Burp Suite Enterprise, Snyk, Trivy, or Checkmarx.
  • Automate security scans within the build and deployment pipeline (e.g., using Jenkins, GitLab CI, GitHub Actions).
  • Ensure proper data encryption in transit and at rest and validate key/certificate rotation practices.

Collaboration & Culture Building:

  • Collaborate with developers, DevOps, and security teams to integrate security into the development process.
  • Collaborate with DevOps and infrastructure teams to ensure runtime hardening, log integrity, and secure configuration baselines in on-premise deployments.
  • Provide support and mentoring to junior team members on secure coding practices and the use of security tools.

Security Standards & Compliance:

  • Ensure code complies with relevant regulatory and security standards such as PCI-DSS, ISO 27001, and internal security policies. Act as first technical responder for product-related incidents; perform root-cause analysis and coordinate patch release within defined SLAs.

Incident Response & Remediation:

  • Participate in incident response activities and collaborate with teams to remediate identified vulnerabilities.


Requirements

Desired Candidate profile:

  • Educational Background: Bachelor’s degree in computer science, Information Security, or a related field.
  • Experience: 3–4 years of hands-on coding (to fix or co-fix vulnerabilities) experience in Application Security, code review, security architecture. Experience in DevSecOps will be an added advantage.
  • Strong knowledge of Secure SDLC methodologies and security automation.
  • Experience integrating SAST, DAST, and SCA tools within CI/CD pipelines.
  • Good understanding of VAPT processes and coordination with pen testing teams.
  • Technical Proficiency: Strong understanding of the Java programming language is a must.
  • Proficiency in scripting languages (Python, Bash, or PowerShell).
  • Understanding of OWASP Top 10, CWE, and common vulnerability management frameworks.
  • Well versed with Security Frameworks: Industry standards and frameworks such as OWASP, NIST, and SANS.
  • Soft Skills: Strong communication and interpersonal skills to collaborate with cross-functional teams and stakeholders.
  • Cloud Security Knowledge: Experience with cloud platforms like AWS, Azure, or GCP and understanding of cloud security best practices.


Benefits

The company offers a range of employee benefits including:

  • Cashless medical insurance for employees, spouses, and children
  • Accidental insurance coverage
  • Life insurance coverage
  • Retirement benefits including Provident Fund (PF) and Gratuity
  • ESI*
  • Sodexo benefits for income tax savings
  • Paternity & Maternity Leave Benefit
  • National Pension Saving
